From f1baf3693e5d94e4a26ba43115cdc94e66c4df06 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Thu, 8 Apr 2021 14:32:32 -0700
Subject: [PATCH] Multi-protocol support documentation

Mention F5 and Fortinet on the index page, explain the multi-protocol design
philosophy a bit more, and add a page with a concise list of the supported
protocols.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---
 www/Makefile.am   |  2 +-
 www/index.xml     | 32 +++++++++++++++++++++++---------
 www/menu1.xml     |  2 +-
 www/protocols.xml | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 61 insertions(+), 11 deletions(-)
 create mode 100644 www/protocols.xml

diff --git a/www/Makefile.am b/www/Makefile.am
index b0c89044..971f26fe 100644
--- a/www/Makefile.am
+++ b/www/Makefile.am
@@ -6,7 +6,7 @@ CONV 	= "$(srcdir)/html.py"
 FTR_PAGES = csd.html charset.html token.html pkcs11.html tpm.html features.html gui.html nonroot.html hip.html tncc.html
 START_PAGES = building.html connecting.html manual.html vpnc-script.html
 INDEX_PAGES = changelog.html download.html index.html packages.html platforms.html licence.html
-PROTO_PAGES = anyconnect.html fortinet.html f5.html globalprotect.html juniper.html pulse.html
+PROTO_PAGES = protocols.html anyconnect.html fortinet.html f5.html globalprotect.html juniper.html pulse.html
 TOPLEVEL_PAGES = contribute.html mail.html
 
 ALL_PAGES = $(FTR_PAGES) $(START_PAGES) $(INDEX_PAGES) $(TOPLEVEL_PAGES) $(PROTO_PAGES)
diff --git a/www/index.xml b/www/index.xml
index 45929336..ae92d103 100644
--- a/www/index.xml
+++ b/www/index.xml
@@ -9,21 +9,19 @@
 	<INCLUDE file="inc/content.tmpl" />
 
 <h1>OpenConnect</h1>
-<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>.
-It has since been ported to support the Juniper SSL VPN (which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>),
-and the <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a>.</p>
+<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a></p>
+
+<p>It has since been ported to support several other proprietary VPN protocols:
+the Juniper SSL VPN (which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>),
+the <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a>,
+the <a href="https://www.f5.com/products/big-ip-services">F5 Big-IP SSL VPN</a>,
+and the <a href="https://www.fortinet.com/products/vpn">Fortinet Fortigate SSL VPN</a>.</p>
 
 <p>An openconnect VPN server (<a href="https://www.infradead.org/ocserv">ocserv</a>), which implements an improved version of the Cisco AnyConnect protocol,
 has also been written.</p>
 
 <p>OpenConnect is released under the <a href="licence.html">GNU Lesser Public License, version 2.1</a>.</p>
 
-<p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
-OpenConnect is not officially supported by, or associated in any way
-with, Cisco Systems, Juniper Networks, Pulse Secure, or Palo Alto Networks.
-It just happens to interoperate with their equipment.
-</p>
-
 <h2>Motivation</h2>
 
 <p>Development of OpenConnect was started after a trial of the Cisco
@@ -46,5 +44,21 @@ client under Linux found it to have many deficiencies:</p>
 <p>Naturally, OpenConnect addresses all of the above issues, and more.
 </p>
 
+<h2>Multi-protocol support</h2>
+
+<p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
+OpenConnect is not officially supported by, or associated in any way
+with Cisco Systems, nor with Juniper Networks, Pulse Secure,
+Palo Alto Networks, F5, or Fortinet.
+It just happens to interoperate with their equipment.</p>
+
+<p>Wherever possible, OpenConnect presents a uniform API and command-line
+interface to each of these VPNs. For example,
+<a href="manual.html"><tt>openconnect --force-dpd=10</tt></a>
+will attempt dead peer detection every 10 seconds on every VPN that
+supports it, even though the actual mechanism used may be protocol-specific.
+Protocol-specific features and deficiencies are described on the
+<a href="protocol.html">individual protocol pages</a>.</p>
+
 	<INCLUDE file="inc/footer.tmpl" />
 </PAGE>
diff --git a/www/menu1.xml b/www/menu1.xml
index 511e3ef5..f5849a67 100644
--- a/www/menu1.xml
+++ b/www/menu1.xml
@@ -5,7 +5,7 @@
 	<MENU topic="Getting Started" link="building.html" mode="VAR_SEL_STARTED" />
 	<MENU topic="Mailing List / Help" link="mail.html" mode="VAR_SEL_MAIL" />
 	<MENU topic="Contribute" link="contribute.html" mode="VAR_SEL_CONTRIBUTE" />
-	<MENU topic="Protocols" link="anyconnect.html" mode="VAR_SEL_PROTOCOLS" />
+	<MENU topic="Protocols" link="protocols.html" mode="VAR_SEL_PROTOCOLS" />
 	<MENU topic="VPN Server" link="http://www.infradead.org/ocserv/" mode="VAR_SEL_SERVER" />
 	<MENU topic="OpenConnect VPN client" link="" mode="text" />
 	<ENDMENU />
diff --git a/www/protocols.xml b/www/protocols.xml
new file mode 100644
index 00000000..e93aeb77
--- /dev/null
+++ b/www/protocols.xml
@@ -0,0 +1,36 @@
+<PAGE>
+	<INCLUDE file="inc/header.tmpl" />
+
+	<VAR match="VAR_SEL_PROTOCOLS" replace="selected" />
+	<VAR match="VAR_SEL_ANYCONNECT" replace="selected" />
+	<PARSE file="menu1.xml" />
+	<PARSE file="menu2-protocols.xml" />
+
+	<INCLUDE file="inc/content.tmpl" />
+
+<h1>Protocols</h1>
+
+<p>OpenConnect was initially created to support Cisco's AnyConnect SSL VPN. This remains the default protocol used by the client, if not otherwise specified.
+See <a href="manual.xml">the <tt>--protocol</tt> option</a> for how to use a different protocol with the command-line client.</p>
+
+<p>The following pages document protocol-specific features and deficiencies:</p>
+
+<ul>
+  <li><a href="anyconnect.html">Details</a> on support for
+  Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a> (<tt>--protocol=anyconnect</tt>).
+  The OpenConnect VPN server, <a href="https://ocserv.gitlab.io/www/index.html">ocserv</a>, now implements an improved version of this protocol.</li>
+  <li><a href="juniper.html">Details</a> on support for
+  Juniper SSL VPN (<tt>--protocol=nc</tt>)</li>
+  <li><a href="juniper.html">Details</a> on support for
+  <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a> SSL VPN (<tt>--protocol=pulse</tt>;
+  most Pulse VPNs also support the older Juniper protocol, unless explicitly disabled)</li>
+  <li><a href="globalprotect.html">Details</a> on support for
+  <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a> (<tt>--protocol=gp</tt>)</li>
+  <li><a href="f5.html">Details</a> on support for
+  <a href="https://www.f5.com/products/big-ip-services">F5 Big-IP SSL VPN</a> (<tt>--protocol=f5</tt>; PPP-based)</li>
+  <li><a href="fortinet.html">Details</a> on support for
+  <a href="https://www.fortinet.com/products/vpn">Fortinet Fortigate SSL VPN</a> (<tt>--protocol=fortinet</tt>; PPP-based)</li>
+</ul>
+
+	<INCLUDE file="inc/footer.tmpl" />
+</PAGE>
-- 
2.49.0